{"id":17350514,"url":"https://github.com/pilosus/dnseen","last_synced_at":"2025-03-27T12:19:25.760Z","repository":{"id":214517877,"uuid":"736703478","full_name":"pilosus/dnseen","owner":"pilosus","description":"simple DNS queries analyzer that works on top of the tcpdump logs","archived":false,"fork":false,"pushed_at":"2024-01-10T13:50:56.000Z","size":66,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-01T16:48:28.863Z","etag":null,"topics":["dns","hosts","privacy","stats"],"latest_commit_sha":null,"homepage":"https://blog.pilosus.org/posts/2023/12/29/dnseen-simple-dns-queries-analyzer/","language":"Clojure","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pilosus.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-28T16:22:28.000Z","updated_at":"2024-12-25T19:57:21.000Z","dependencies_parsed_at":"2024-12-06T05:24:48.829Z","dependency_job_id":"8f8c3497-8859-4ab5-80e8-9a960b3123f8","html_url":"https://github.com/pilosus/dnseen","commit_stats":{"total_commits":21,"total_committers":1,"mean_commits":21.0,"dds":0.0,"last_synced_commit":"ebaa1cf36dff4b2cb990bd429c6521b5d48b3c1c"},"previous_names":["pilosus/dnseen"],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pilosus%2Fdnseen","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pilosus%2Fdnseen/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pilosus%2F
dnseen/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pilosus%2Fdnseen/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pilosus","download_url":"https://codeload.github.com/pilosus/dnseen/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245841760,"owners_count":20681196,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dns","hosts","privacy","stats"],"created_at":"2024-10-15T17:07:14.124Z","updated_at":"2025-03-27T12:19:25.738Z","avatar_url":"https://github.com/pilosus.png","language":"Clojure","funding_links":[],"categories":[],"sub_categories":[],"readme":"# dnseen - DNS queries analyzer\n\n`dnseen` is a simple DNS queries analyzer that works on top of the `tcpdump` logs.\n\n- Simple: no GUI/TUI, no modes, easy command-line interface\n- Stands on the shoulders of giants: used `tcpdump` and `systemd` at\n  its core\n- Separation of concerns: logs and a stats report produced by\n  different components and can be used independently\n- Filtering: select a datetime range, filter out domains with regex,\n  filter by domain hits, etc.\n\n```\n$ dnseen\n|                             :domain | :hits | :blocked |\n|-------------------------------------+-------+----------|\n|        profile.accounts.firefox.com |   831 |    false |\n|                          github.com |   531 |    false |\n|                      www.google.com |   351 |    false |\n|                    alive.github.com |   332 |    false |\n|                      api.github.com |   331 | 
   false |\n|                     www.youtube.com |   326 |    false |\n|                           slack.com |   260 |    false |\n|                       app.slack.com |   246 |    false |\n|                          slackb.com |   232 |    false |\n|                clojurians.slack.com |   230 |    false |\n...\n```\n\n## Install\n\n### Dependencies\n\n`dnseen` requires the following dependencies:\n\n- Linux OS\n- `tcpdump`\n- [babashka](https://github.com/babashka/babashka#installation)\n- (optionally) `logrotate`\n\n\n### Installer script\n\nInstall `dnseen` with the installer script on Linux:\n\n```shell\ncurl -sLO https://raw.githubusercontent.com/pilosus/dnseen/master/install\nchmod +x install\n./install\n```\n\nBy default, the command will be installed in `/usr/local/bin` (you may\nneed to use `sudo` to run the installer script in this case!). You can\nchange installation directory with the option `--install-dir`:\n\n```shell\n./install --install-dir \u003cyour-dir-under-$PATH\u003e\n```\n\nTo install a specific version instead of the latest one use\n`--version` option:\n\n```shell\n./install --version 0.2.0\n```\n\nInstaller script downloads a package archive file to a temporary\ndirectory under `/tmp`, you can change it with the option\n`--download-dir`:\n\n```shell\n./install --download-dir \u003cyour-dir-under-$PATH\u003e\n```\n\nYou can uninstall `dnseen` and all its corresponding services with the\n`--uninstall` option (can be used along with `--install-dir`):\n\n```shell\n./install --uninstall\n```\n\nFor more options see installer script's help:\n\n```shell\n./install --help\n```\n\n### Manual install\n\n1. Clone the repo and `cd` to it:\n\n```shell\ngit clone https://github.com/pilosus/dnseen.git\ncd dnseen\n```\n\n2. 
Copy the content of the `dnseen.service` file and paste it into a new\n   `systemd` service:\n\n```shell\nsudo -E systemctl edit dnseen --full --force\n```\n\nAlternatively, simply copy the service file:\n\n```shell\nsudo cp dnseen.service /etc/systemd/system/\n```\n\n3. Reload `systemd`, start the service, enable it to start\n   automatically on system boot, and make sure it works:\n\n```shell\nsudo systemctl daemon-reload\nsudo systemctl start dnseen.service \nsudo systemctl enable dnseen.service\nsudo systemctl status dnseen.service \n```\n\n4. (Optionally) Add a `logrotate` config file to have the logs rotated:\n\n```shell\nsudo cp dnseen.logrotate /etc/logrotate.d/dnseen\n```\n\nMake sure the config is valid:\n\n```shell\nsudo logrotate --debug /etc/logrotate.d/dnseen\n```\n\nIf needed, force rotation and restart the service:\n\n```shell\nsudo logrotate --force /etc/logrotate.d/dnseen\nsudo systemctl restart dnseen.service\n```\n\n\n## Use\n\nBasic usage takes the whole log and prints the report without any\nfilters applied, domains ordered by number of hits in descending\norder:\n\n```shell\ndnseen\n```\n\nWhen invoking a command that is not under your `$PATH` (e.g. if you\nfollowed the manual installation guide), use:\n\n```shell\n./dnseen\n```\n\nApply some filters if needed:\n\n```shell\ndnseen \\\n    --from \"2023-12-01T00:00:00\" \\\n    --to \"2024-01-01T00:00:00\" \\\n    --match '\\.(goog|google)$' \\\n    --exclude '(?i).*domains\\.' \\\n    --hosts '/etc/hosts' \\\n    --hits 10 \\\n    --head 20 \\\n    --no-pretty \\\n    -vvv\n```\n\nA path to a file or a directory containing [hosts\nfile](https://man7.org/linux/man-pages/man5/hosts.5.html) can be\nprovided to get statistics about blocked domains, i.e. domains that\nresolve to either [localhost](https://en.wikipedia.org/wiki/Localhost)\nor [0.0.0.0](https://en.wikipedia.org/wiki/0.0.0.0). 
Use `--totals`\nflag to get aggregation statistics of the report itself:\n\n```shell\ndnseen \\\n    --hosts '/etc/hosts.d/' \\\n    --hosts '/etc/hosts.old' \\\n    --totals\n```\n\nConfiguration parameters can also be defined in an\n[EDN](https://github.com/edn-format/edn) config file. A default path\nto the config file is either `$XDG_CONFIG_HOME/dnseen/config.edn` or\n`$HOME/.config/dnseen/config.edn`. It can be overridden with the\n`--config` option:\n\n```shell\ndnseen --config ~/.dnseen\n```\n\nGet more help with:\n\n```shell\ndnseen --help\n```\n\nFilters are applied to the raw logs in the order the corresponding CLI\noptions are shown in the help message (e.g. `--match` is applied\nbefore `--exclude`).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpilosus%2Fdnseen","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpilosus%2Fdnseen","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpilosus%2Fdnseen/lists"}